CVE-2025-20929
Published: 06 March 2025
Summary
CVE-2025-20929 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Notes. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability ranks at the 25.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the out-of-bounds write vulnerability by requiring timely identification, reporting, and remediation of the flaw, here by updating Samsung Notes to version 4.4.26.71 or later.
Implements memory protections such as ASLR and DEP to prevent arbitrary code execution resulting from the out-of-bounds write during JPEG parsing.
Requires validation of JPEG image inputs to Samsung Notes to detect and reject malformed files that could trigger the out-of-bounds write.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds write in the JPEG parsing component of a client application (Samsung Notes) directly enables arbitrary code execution via a crafted image with no user interaction required, which maps to Exploitation for Client Execution.
NVD Description
Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
Deeper analysis
CVE-2025-20929 is an out-of-bounds write vulnerability (CWE-787) in the JPEG image parsing component of the Samsung Notes application, affecting versions prior to 4.4.26.71. Published on 2025-03-06, the issue has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), indicating high integrity impact potential with low requirements for exploitation.
Local attackers with access to the device can exploit this vulnerability by providing a specially crafted JPEG image to Samsung Notes, leading to arbitrary code execution. No user privileges or interaction are required, and the attack complexity is low, making it feasible for unprivileged local users.
Samsung's security advisory for March 2025 (https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03) addresses the vulnerability, with the fix available in Samsung Notes version 4.4.26.71. Security practitioners should ensure devices are updated to this version or later to mitigate the risk.
Details
- CWE(s)